How do I add TXT/SPF/DKIM/DMARC records for my domain?

SPF (Sender Policy Framework) is a DNS text entry which shows a list of servers that should be considered allowed to send mail for a specific domain. Incidentally the fact that SPF is a DNS entry can also considered a way to enforce the fact that the list is authoritative for the domain, since the owners/administrators are the only people allowed to add/change that main domain zone.
Thus, SPF gives other mailservers a way to verify that mail claiming to be from your domain is sent from one of your authorized IP addresses. They do this by checking a special TXT record configured in the domain name zone. It helps to establish the legitimacy of the domain mail server and reduces the chances of spoofing, which occurs when someone fakes the headers on an email to make it look like it’s coming from your domain, even though the message did not originate from your mail server.

A very basic SPF record looks like the following:

example.com   TXT     v=spf1 a ~all

DKIM (DomainKeys Identified Mail) should be instead considered a method to verify that the messages' content are trustworthy, meaning that they weren't changed from the moment the message left the initial mail server. This additional layer of trustability is achieved by an implementation of the standard public/private key signing process. Once again the owners of the domain add a DNS entry with the public DKIM key which will be used by receivers to verify that the message DKIM signature is correct, while on the sender side the server will sign the entitled mail messages with the corresponding private key.
DKIM records are implemented as text records as well. The record must be created for a subdomain, which has a unique selector for that key, then a period (.), and then a protocol name '_domainkey' and the domain name itself. The type is TXT, and the value includes the type of key, followed by the actual key.

A typical DKIM record looks like the following:

selector1._domainkey.example.com        TXT     k=rsa;p=J8eTBu224i086iK

DMARC (Domain-based Messaging and Reporting Compliance) is a technology designed to combat email spoofing and is useful to stop phishing. Specifically, it protects the case where a phisher has spoofed the 5322. DMARC protects users by evaluating both SPF and DKIM and then determines if either  domains matches the domain in the 5322.

A very basic DMARC record looks like the following:

_dmarc.example.com   TXT     v=DMARC1;p=none;sp=quarantine;pct=100;rua=mailto:dmarcreports@example.com

Setting up the records

If your domain is pointed to our BasicDNS, BackupDNS, PremiumDNS or FreeDNS, you can easily set up TXT, SPF, DKIM and DMARC records in your Namecheap account.

Follow the instructions below to add a needed record:

1. Having logged into the Namecheap account, choose Domain List on the left and click on the Manage button next to your domain:



2. Navigate to the Advanced DNS tab from the top menu and click on the Add new record button:



3. Select TXT Record for Type and insert a string (usually, you can get it from your service provider) into the Value field.

For Host, add @ that corresponds to yourdomain.tld or a subdomain (_dmarc, for example) you need to create the TXT/SPF/DKIM/DMARC record for.

Note: the domain name itself should not be included to the Host field.


4. Click on the Save all changes button. Normally, it takes 30 minutes for newly created host records to take effect.


That's it!

If you have any questions, feel free to contact our Support Team.

Comments

We welcome your comments, questions, corrections and additional information relating to this article. Your comments may take some time to appear. Please be aware that off-topic comments will be deleted.

If you need specific help with your account, feel free to contact our Support Team. Thank you.

Need help? We're always here for you.

× Close